Hermes: A targeted fuzz testing framework

2Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Security assurance cases (security cases) are used to represent claims for evidence-based assurance of security properties in software. A security case uses evidence to argue that a particular claim is true, e.g., buffer overflows cannot happen. Evidence may be generated with a variety of methods. Random negative testing (fuzz testing) has become a popular method for creating evidence for the security of software. However, traditional fuzz testing is undirected and provides only weak evidence for specific assurance concerns, unless significant resources are allocated for extensive testing. This paper presents a method to apply fuzz testing in a targeted way to more economically support the creation of evidence for specific security assurance cases. Our experiments produced results with target code coverage comparable to an exhaustive fuzz test run while significantly reducing the test execution time when compared to exhaustive methods. These results provide specific evidence for security cases and provide improved assurance.

Cite

CITATION STYLE

APA

Shortt, C., & Weber, J. (2015). Hermes: A targeted fuzz testing framework. In Communications in Computer and Information Science (Vol. 532, pp. 453–468). Springer Verlag. https://doi.org/10.1007/978-3-319-22689-7_35

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free